Hi Experts,

I've found out from the trace file that if I put a name in the file name, something like: 'Filename*' then the connection is in error at the LIST command. But, if I put just '*' (asterisk) in the file name, then the LIST command is successful and we can continue to retrieve the files.

The problem is by putting asterisk (*) in the file name parameter, then the channel will pick all files, but I may not pick all files.

Has someone experience this? Is there any other way to limit files picking in FTP sender channel other than setting it in the filename?

Regards,

Suwandi C.

Hi Experts,

Thank you for the reply.

as I recall, that the FTPS receiver channel works fine, the one with issue is the FTPS sender channel.

If the FTPS server vendor said that the issue is at the cipher version mismatch between SAP PI and their FTPS server, then why does the FTPS receiver channel works? I guess there would still be a SSL/TLS handshake and security negotiation going on in the FTPS receiver channel. CMIIW.

Regards,

Suwandi C.

Hi Experts,

I've received a response from the FTPS vendor, they said that PI is trying to connect using the old TLS version and Cipher.

The log message at the FTPS server is:

Ensure that client is using ssl_tlsv2 and any of the following ciphers: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_MD5].

How to check what TLS version is and cipher method is used in PI and how to change them?

I found out that ssl_tlsv2 means a context protocol which supports: TLSv1.2, TLSv1.1, TLSv1.0 and SSLv3

PI has sent SSL using version 3.1 (I think SSLv3.1 means TLSv1.0), since TLS1.0 is supported in ssl_tlsv2, that means we need to check on the cipher mode?

Regards,

Suwandi C.

Hi All,

Thanks for the advice.

Yes, currently we're in the progress of installing the XPI inspector but we're facing a difficulty in installing it.

We've also contacted the third party FTP vendor to check on their log.

Thank you,

Suwandi C.

Hi Raghuraman,

Thanks for the reply. Do you mean at the same server as the PI server? No, the FTPs server is from a third party vendor.

Actually after checking at the trace log file, I've found the following at the log:

ssl_debug(245): Starting handshake (iSaSiLk 4.403)...

ssl_debug(245): Sending v3 client_hello message to host2.com:9907, requesting version 3.1...

ssl_debug(245): IOException while handshaking: Connection closed by remote host.

ssl_debug(245): Sending alert: Alert Fatal: handshake failure

ssl_debug(245): Shutting down SSL layer...

The SSL handshake process is successful at the control port, but then during the SSL handshake with the data port, there's an IOException.

What could possibly causing an IOException?

Thank you,

Suwandi C.

Hi All,

Thanks for the replies.

Yes, the folder has a read permission. I also have tried both connection mode (permanently or per file transfer) but still fails..

I wonder if there's a log where I can see in which step/command does this connection actually fails, because the error message is quite general.

Thank you,

Suwandi C.

Hi Suwandi,

After Raghuraman suggestion, you can change PI Connect Mode section (Permanently or per file transger). Also, that error could be when the FTP channel is hung or the server FTP doesn't close correctly the communication.

Regards.

Hello Suwandi,

Check whether the folder has read permissions inorder to pick the file.